Create a Subscription Filter

After you create a destination, the log data recipient account can share the destination
ARN
(arn:aws:logs:us-east-1:999999999999:destination:testDestination) with other
AWS accounts so that they can send log events to the same destination. These other
sending accounts
users then create a subscription filter on their respective log groups against this
destination. The subscription filter immediately starts the flow of real-time log
data from the chosen log group to the specified destination.

In the following example, a subscription filter is associated with a log group
containing AWS CloudTrail events so that every logged activity made by "Root" AWS
credentials is delivered to the destination you created above that encapsulates an
Kinesis
stream called "RecipientStream". For more information about how to send AWS CloudTrail
events
to CloudWatch Logs, see Sending CloudTrail
Events to CloudWatch Logs in the AWS CloudTrail User Guide.

The log group and the destination must be in the same AWS region. However, the
destination can point to an AWS resource such as a Kinesis stream that is located
in a different region.

Note

Unlike the subscriptions example Real-time Processing of Log Data with Subscriptions, in this example you did not have to provide
a role-arn. This is because role-arn is needed for impersonation while writing
to an Kinesis stream, which has already been provided by the destination owner
while creating destination.